Microsoft's OCS provides instant messaging, presence, voice, video and web conferencing services within your corporate network. It also integrates well with your Alcatel OXE PBX.
Different OCS configurations depend on requirements for scalability and network topology and can get quite complicated. A medium-size organization with up to 2.000 users, however, can implement a consolidated configuration that is simple to configure and maintain. Here is a configuration with a Front End server, an Edge server and a Mediation server for PBX integration that works:
Microsoft Office Communication Server works with two different client apps: Microsoft Office Communicator and Microsoft Office Live Meeting. Office Communicator supports enterprise instant messaging and presence as well as voice and video communications for 1-1 calls or 1-few conferences. Office Communicator instant messaging is integrated with Active Directory, which means that each user of the corporate network automatically gets access to any other user via instant messaging using the existing corporate directory infrastructure. This is significant for organizations with many users in different locations/buildings/floors.
Microsoft Office Live Meeting, on the other hand, supports web conferences, i.e. the ability to conduct remote presentations that include on-screen presentations like PowerPoint, but also voice, video and demos. It is ideally suited for 1-few or 1-many presentations to remote corporate users or customers located outside the corporate network. It provides access to the on-screen presentation material (for example PowerPoint or schematic diagrams), the ability to upload and download document handouts, meeting notes, and live Q&A and chats among participants. It also allows presentations to be recorded for on-demand viewing.
Office Communicator and Office Live Meeting connect to the OCS server within the corporate network. A consolidated Front End OCS server runs the OCS Front End Access (used mainly for Communicator), Conferencing (used for Live Meeting) and AV (used for voice and video for both Communicator and Live Meeting) roles. Users can connect to the corporate OCS server via the internet when an OCS Edge + ISA combination is deployed to provide internet connectivity.
OCS can also connect to a corporate PBX via an OCS Mediation Server, which is a special OCS role that needs to be deployed on a separate machine. It provides codec translation between OCS and the PBX. The PBX in turn can provide access to the entire corporate telephone network as well as the public telephone network.
How Many Users, how many servers?
A fully fledged implementation can be deployed in as few as 3 physical servers (OCS Front End, OCS Edge, OCS Mediation). This assumes that ISA Server, a DNS server and Active Directory are already available. Such a configuration can support up to 2.000 users assuming a decent network infrastructure with good links to the central location where the OCS Front End server is located.
Can OCS be deployed virtualized?
Not in production environments. However, in test environments, a fully fledged consolidated configuration can be deployed in a 100% virtual server environment on a single machine with enough memory and a dual core processor! This includes OCS FE, Edge, Mediation, ISA, etc. While such a virtual implementation is not recommended by Microsoft, in our lab environment it works fine. Voice quality as well as general performance is excellent for a small number of users.
How about PBX Integration?
Applied Networks has implemented a connection from OCS to an Alcatel OmniPCX Enterprise PBX (OXE) with call forking (routing of calls to both telephones and Communicators). While specialist skills are required to configure the OCS Mediation server and the PBX, the configuration works well in both directions. It provides transparent access to the corporate telephone network as well as the public telephone network to OCS clients.
Physical Network Configuration
The OCS Edge server needs an interface that connects to the internet with 3 public IP addresses (in the example above 220.127.116.11, 18.104.22.168, 22.214.171.124). These are used for the OCS Access Edge, the OCS Conferencing Edge and the OCS AV Edge interfaces respectively. The last one needs to be a fully routable public address (not NAT). The OCS Edge server is not joined to the Active Directory domain and is a standalone server in a workgroup. In a simple configuration, you can acquire a broadband connection with a static block IP address range from your ISP. You can assign public IP addresses from your range to the Edge server interfaces (as well as the ISA server public interface). You also assign a public address to the router's internal LAN interface and disable NAT. This makes your Edge server directly reachable from the Internet. This is of course a basic configuration suitable for test environments and small loads. You would use a DMZ configuration and load balancers for heavier loads.
Ports, Certificates and DNS
OCS port and certificate configuration can be cumbersome. The configuration in the diagram above works. You need a number of certificates that can be issued by your private certification authority and 4 that you have to buy from a public certification authority. Here are the details:
Private Certification Authority (example: contosoCA)
· The OCS Front End Server uses a single certificate for all roles.
Subject name: ocs.corpnet.contoso.local (matches the OCS FQDN).
Subject Alternative Name: sip.contoso.com ocs.contoso.com
· The OCS Edge Server uses a private CA certificate for the local (LAN) interface:
Subject name: ocsedge.edge.contoso.local (matches the OCS Edge server FQDN).
· The OCS Mediation Server uses a private CA certificate:
Subject name: ocsm.corpnet.contoso.local (matches the OCS Mediation server FQDN).
Public Certification Authority (www.certificatesforexchange.com Starfield CA provides good value for money and the certificates work fine with OCS)
You need 4 certificates:
· Access Edge: ocsae.contoso.com
Subject Name: ocsae.contoso.com
· Conference Edge: ocsce.contoso.com
Subject Name: ocsce.contoso.com
· AV Edge: ocsav.contoso.com
Subject Name: ocsav.contoso.com
· ISA Server OCS Listener: ocs.contoso.com
Subject Name: ocs.contoso.com
To generate and install the certificates you use the certificate wizard that comes with OCS. However, you need access to your corporate CA to generate the private certificates. Installing the ISA OCS listener certificate is also tricky. You need to store it in the personal certificate store of the local machine using the IIS console (rather than mmc).
In your internal DNS you need:
A records for your OCS Front End Server, Mediation server and Edge Server in the corpnet.contoso.local zone.
A split DNS implementation i.e. a copy of the contoso.com zone in the internal DNS to be used by internal users only.
A CNAME record in the contoso.com zone. CNAME: sip.contoso.com pointing to ocs.corpnet.contoso.local.
In your external DNS you need:
A records: ocs (ISA OCS Listener), ocsae (OCS Access Edge IP address), ocsce (OCS Conference Edge address), ocsav (OCS AV Edge address)
A SRV record: _sip._tls.contoso.com pointing to ocsae.contoso.com port 443
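The certificate and DNS lists above only work together if every name a client looks up is covered by the certificate that answers for it. The following check is an added example, not part of the original article or of OCS: the host names are the ones listed above, while the data layout, role labels and `check_plan` function are assumptions made for illustration, and a certificate is treated as covering its subject name plus its subject alternative names.

```python
# Added example: plan consistency check, no live DNS or TLS lookups are made.
CERTS = {  # role -> (issuing CA, subject name plus subject alternative names)
    "front-end": ("private", {"ocs.corpnet.contoso.local",
                              "sip.contoso.com", "ocs.contoso.com"}),
    "mediation": ("private", {"ocsm.corpnet.contoso.local"}),
    "access-edge": ("public", {"ocsae.contoso.com"}),
    "conf-edge": ("public", {"ocsce.contoso.com"}),
    "av-edge": ("public", {"ocsav.contoso.com"}),
    "isa-listener": ("public", {"ocs.contoso.com"}),
}
DNS = {  # view -> name -> (record type, target); A-record addresses omitted
    "internal": {
        "ocs.corpnet.contoso.local": ("A", None),
        "ocsm.corpnet.contoso.local": ("A", None),
        "sip.contoso.com": ("CNAME", "ocs.corpnet.contoso.local"),
    },
    "external": {
        "ocs.contoso.com": ("A", None),
        "ocsae.contoso.com": ("A", None),
        "ocsce.contoso.com": ("A", None),
        "ocsav.contoso.com": ("A", None),
        "_sip._tls.contoso.com": ("SRV", "ocsae.contoso.com"),
    },
}
ENDPOINTS = [  # (DNS view, name the client looks up, role whose cert answers)
    ("internal", "sip.contoso.com", "front-end"),
    ("internal", "ocsm.corpnet.contoso.local", "mediation"),
    ("external", "_sip._tls.contoso.com", "access-edge"),
    ("external", "ocsce.contoso.com", "conf-edge"),
    ("external", "ocsav.contoso.com", "av-edge"),
    ("external", "ocs.contoso.com", "isa-listener"),
]

def check_plan(certs, dns, endpoints):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    for view, name, role in endpoints:
        zone = dns[view]
        rtype, target = zone.get(name, (None, None))
        # SRV hands the client a host name to validate; a CNAME is invisible
        # to TLS, so the client validates the alias it originally asked for.
        tls_name = host = target if rtype == "SRV" else name
        hops = 0
        while zone.get(host, (None, None))[0] == "CNAME" and hops < 8:
            host, hops = zone[host][1], hops + 1
        if zone.get(host, (None, None))[0] != "A":
            findings.append(f"{view}: {name} does not resolve to an A record")
        issuer, names = certs[role]
        if tls_name not in names:
            findings.append(f"{role}: certificate does not cover {tls_name}")
        if view == "external" and issuer != "public":
            findings.append(f"{role}: internet-facing name needs a public CA certificate")
    return findings
```

Run against the plan as listed it returns no findings; dropping sip.contoso.com from the Front End certificate's alternative names is reported, because internal clients reach that server through the sip.contoso.com CNAME.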
OCS Mediation Server
OCS can connect to an Alcatel OXE PBX through its native mediation server. This configuration requires the correct codec configuration in the PBX as well as the correct voice user configuration for the OCS network. The PBX can fork calls and provide access to the internal telephone system as well as the public telephone network.